I'm using Xymon also, so this is very good to hear. Thanks! 2011/1/25 Erik Damsgaard <edams...@csc.com>
> I am doing a similar thing like 'sshaide.sh' through monitoring jobs run > from Xymon. The jobs are scheduled to run every 15,30,45,60 minutes or > whatever you think is feasible through Xymon. I keep all db's, binaries and > conf files on the xymon server and 1) copy it out 2)run the job 3)copy > result back and alarm through Xymon. > In this way I get alarms out through Xymon and to the right place for > actions. Please see http://www.xymon.com/ > > I have additional scripts for updates(which will clear the alarm and > generate a new db) and init's which is run manually. > > Regards > --------------------------- > ERIK DAMSGAARD > Security Analyst > CSC > GSS Nordic | Tell (+45 36146217) | Cell (+45 29236217) | edams...@csc.com| > www.csc.com/dk > > CSC • This is a PRIVATE message. If you are not the intended recipient, > please delete without copying and kindly advise us by e-mail of the mistake > in delivery. NOTE: Regardless of content, this e-mail shall not operate to > bind CSC to any order or other contract unless pursuant to explicit written > agreement or government initiative expressly permitting the use of e-mail > for such purpose • CSC Danmark A/S • Registered Office: Retortvej 8, DK - > 2500 Valby, Denmark • Registered in Denmark No: 15231599 > > > > From: Vijay <vavarac...@gmail.com> To: Aide user mailinglist < > aide@cs.tut.fi> Date: 24-01-2011 22:57 Subject: Re: [Aide] Best Practices > on storing aide databases > ------------------------------ > > > > Bobby, > Take a look at 'sshaide.sh' script in the contrib folder of the aide > release. > > # DESCRIPTION > # sshaide.sh uses AIDE and SSH to remotely run integrity checks > # on ALL configured client systems or those specifically listed on > # the command line from a centralized manager station. sshaide.sh > # stores all binaries, databases and reports on a secure, centralized > # manager station. Database initialization or periodic checks are > # run on demand or via cron jobs from the manager stations based on > # local policy requirements. > > Thanks, > Vijay > > 2011/1/24 J. Bobby Lopez <*j...@jbldata.com* <j...@jbldata.com>> > Would there be any online docs which discuss this? > > > On Fri, Jan 14, 2011 at 10:47 AM, J. Bobby Lopez > <*j...@jbldata.com*<j...@jbldata.com>> > wrote: > Hi, > > Just started using AIDE, and so far I'm liking it. > > I'm curious though what some of the best practices are on storing the AIDE > databases. > > When aide.db.new is created, it's in the same directory as aide.db. When I > copy aide.db.new to aide.db, should I be deleting aide.db.new? > > What is to prevent someone who happens to gain root from running AIDE > again, generating a new aide.db.new, and copying over aide.db before the > next cron job, therefore making their trespass undetectable? > > Thanks, > Bobby > > > _______________________________________________ > Aide mailing list* > **Aide@cs.tut.fi* <Aide@cs.tut.fi>* > **https://mailman.cs.tut.fi/mailman/listinfo/aide*<https://mailman.cs.tut.fi/mailman/listinfo/aide> > > > > > -- > "Knowledge is the only wealth that grows as you spend it, and diminishes as > you save it." > -- ancient Sanskrit saying_______________________________________________ > > Aide mailing list > Aide@cs.tut.fi > https://mailman.cs.tut.fi/mailman/listinfo/aide > > > > _______________________________________________ > Aide mailing list > Aide@cs.tut.fi > https://mailman.cs.tut.fi/mailman/listinfo/aide > >
_______________________________________________ Aide mailing list Aide@cs.tut.fi https://mailman.cs.tut.fi/mailman/listinfo/aide
